Wednesday, 1 May 2013

Let us say you are working in your private LAN, consisting of a few or many Windows, Linux or Mac systems connected together through Ethernet, a Wi-Fi router or something else. Now you need to control one system from a remote host, or transfer a bunch of files from one host to another from a remote place, or execute some terminal commands on a remote host, and you need a quick way to do so.

The first thing that comes to mind is "Telnet (TCP Port No. 23)". Yes, Telnet will do. But it is not a secure solution. Whenever we connect to a remote host using Telnet, we are asked for a username and password, which are transferred as plain text over the communication medium. Someone can intercept the communication, sniff the packets, get the username and password, and do whatever they wish in the network. The remedy for this problem was "Secure Shell (TCP Port No. 22)", which offers more security by using encryption. Because of the encryption used in SSH, it is harder for people to sniff passwords or other crucial information from the packets. Another thing that is not available in Telnet is authentication: someone who cannot authenticate cannot intercept the communication, and thus safety is improved to a great extent.

Installation:

There are two key components: an openssh-client and an openssh-server. SSH clients communicate with SSH servers over encrypted network connections. openssh-client is already installed on your Linux system by default, but you will have to install openssh-server in order to receive requests from an openssh-client.

To install both of them with a single instruction, simply run the following command:

sudo apt-get install openssh-client openssh-server

How To Use SSH?

After installation, whenever you wish to connect to a remote host using SSH, use the following command:

ssh user_name@host_name

where user_name is the name of the account on the remote host that you want to log in with, and host_name is the name of the remote host or its IP address.

For example, ssh mandar@10.10.6.205

Now, the first time an SSH client encounters a new remote server, it will indicate that it has never seen the system before, by displaying the following message:

The authenticity of host 'mandar (10.10.6.205)' can't be established.
RSA key fingerprint is 53:b4:ad:c8:51:17:99:4b:c9:08:ac:c1:b6:05:71:9b.
Are you sure you want to continue connecting (yes/no)?

This is just an extra security measure to let you know that you are being connected to a new machine. If you wish to continue, just type yes and you will see the following:

Warning: Permanently added 'mandar@10.10.6.205' (RSA) to the list of known hosts.

You will then be asked for the remote host's password in order to log into the remote host.

mandar@10.10.6.205's password:

Once the correct password is entered, you will be logged into the remote machine. You will also see the command prompt of the remote machine instead of your local machine's one.

mandar@linux:~$

And now you are ready to execute your commands on the remote machine while sitting at your local machine. Type exit to terminate the connection with the remote host.

That's it!
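The host authenticity prompt shown above only helps if the fingerprint is compared with one obtained from the server over a trusted channel (for example, read from its console). As an added example, not part of the original post, this Python code parses a host key line in the "host keytype base64" form printed by ssh-keyscan and checks it against a trusted fingerprint, in either the MD5 colon form shown in the prompt or the SHA256 form printed by current OpenSSH. The sample key is constructed and the function names are assumptions made for this example.

```python
import base64
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    """Length-prefixed string as used inside SSH key blobs."""
    return struct.pack(">I", len(data)) + data

# Constructed sample, NOT a real host key: a well-formed "ssh-rsa" blob
# (exponent 65537, dummy modulus) in the "host keytype base64" line format.
SAMPLE_BLOB = (ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
               + ssh_string(b"\x00" + b"\xc3" * 256))
SAMPLE_LINE = "10.10.6.205 ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode()

def parse_host_key(line: str):
    """Return (keytype, blob) from a 'host keytype base64-blob' line."""
    fields = line.split()
    if len(fields) < 3:
        raise ValueError("expected: host keytype base64-blob")
    keytype, blob = fields[1], base64.b64decode(fields[2], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    # The blob names its own key type; reject lines where the two disagree.
    if blob[4:4 + n] != keytype.encode():
        raise ValueError("key type in blob does not match the line")
    return keytype, blob

def md5_fingerprint(blob: bytes) -> str:
    """Colon-separated MD5 form, as in the prompt quoted in this post."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def sha256_fingerprint(blob: bytes) -> str:
    """SHA256:<unpadded base64> form printed by current OpenSSH."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_key_matches(line: str, trusted: str) -> bool:
    """Compare the offered key against a fingerprint obtained out of band."""
    _, blob = parse_host_key(line)
    trusted = trusted.strip()
    if trusted.startswith("SHA256:"):
        return sha256_fingerprint(blob) == trusted
    trusted = trusted[4:] if trusted.upper().startswith("MD5:") else trusted
    return md5_fingerprint(blob) == trusted.lower()
```

Answer yes at the prompt only when the comparison succeeds; a mismatch means the key offered is not the one you were told to expect.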

Conclusion:

SSH and Telnet serve the same purpose: connecting to a remote host to perform some sort of communication. But SSH is more secure than Telnet, because data is encrypted in SSH before it is sent over the Internet, whereas Telnet transfers plain text. Also, as far as SSH is concerned, authentication is needed for a user who wants to take part in the communication, but no such authentication is needed in Telnet.

One noticeable difference when using these two services is bandwidth. The encryption that SSH uses to enhance security adds bandwidth overhead compared to Telnet. Otherwise, SSH is far better than Telnet, and it has started replacing Telnet.

2 comments:

Hey! I've liked the image :) but the text is a little too simple... You could say more:
- Windows does not install an SSH server thru apt-get command line.
- A non-Debian based server will need another command like yum
- In Windows we can use software like PuTTY to connect
- RSA keys
- SSH tunnels

Nice post. Just as an addition, a tiny, but important and smart move for increasing security even more would be changing the server's standard SSH listening port from 22 to a personally chosen port as long as that port is not used by some other service. SSH-ing would then be: